How to use {domain} and {fqnd} tokens?

May 27, 2016 at 10:48 AM
From home page I read that:
Supports dynamics tokens "{domain}" and "{fqdn}" to add domain information on permissions to create.
I suppose these tokens allow adding qualified group names to permissions like "c:0-.t|adfs|domain\group" rather than the default unqualified name "c:0-.t|adfs|group"?

If so, how do I use it? Does it also work with domain trusts? That is when users from different domains/forests log in with 1 identity provider.

Thank you for answers and for a product, that should have been a feature of SharePoint itself.
May 30, 2016 at 2:40 PM
thank you for your feedback.
You can use them to add to values returned by LDAP Servers.
e.g. LDAP returns "role" but you want permission to be created as "domain\role", then you do so by:
  • go to central admin > security > LDAPCP claims mapping
  • edit "role" claim type and edit "Prefix to add to value returned" like this:
Marked as answer by janis_veinbergs on 6/2/2016 at 4:09 AM
Jun 2, 2016 at 11:08 AM
Hey, thanks, that works.

However there is an issue where group name is the same in another domain - that group is listed in the People Picker, but cannot add permissions because of Unexpected error. I'v registered an issue here: